Obama Vows a Response to Cyberattack on Sony

Video

President Obama called the decision by Sony Pictures to cancel the release of “The Interview” after threats from hackers the F.B.I. said were backed by North Korea a “mistake.”CreditCreditStephen Crowley/The New York Times

WASHINGTON — President Obama said on Friday that the United States “will respond proportionally” against North Korea for its destructive cyberattacks on Sony Pictures, but he criticized the Hollywood studio for giving in to intimidation when it withdrew “The Interview,” the satirical movie that provoked the attacks, before it opened.

Deliberately avoiding specific discussion of what kind of steps he was planning against the reclusive nuclear-armed state, Mr. Obama said that the response would come “in a place and time and manner that we choose.” Speaking at a White House news conference before leaving for Hawaii for a two-week vacation, he said American officials “have been working up a range of options” that he said have not yet been presented to him.

A senior official said Mr. Obama would likely be briefed in Hawaii on those options. Mr. Obama’s threat came just hours after the F.B.I. said it had assembled extensive evidence that the North Korean government organized the cyberattack that debilitated the Sony computers.

If he makes good on it, it would be the first time the United States has been known to retaliate for a destructive cyberattack on American soil or to have explicitly accused the leaders of a foreign nation of deliberately damaging American targets, rather than just stealing intellectual property. Until now, the most aggressive response was the largely symbolic indictment of members of a Chinese Army unit this year for stealing intellectual property.

The president’s determination to act was a remarkable turn in what first seemed a story about Hollywood backbiting and gossip as revealed by the release of emails from studio executives and other movie industry figures describing Angelina Jolie as a “spoiled brat” and making racially tinged lists of what they thought would be Mr. Obama’s favorite movies.

But it quickly escalated, and the combination of the destructive nature of the attacks — which wiped out Sony computers — and a new threat this week against theatergoers if the “The Interview,” whose plot revolves an attempt to assassinate the North Korean leader, Kim Jong-un, opened on Christmas Day turned it into a national security issue. “First it was a game-changer,” one official said. “Then it became a question of what happens if we don’t respond? And the president concluded that’s not an option.”

But as striking as his determination to make North Korea pay a price for its action was his critique of Sony Pictures for its decision to cancel “The Interview.” Mr. Obama argued that the precedent that withdrawing the movie set could be damaging — and that the United States could not give in to intimidation.

“I wish they had spoken to me first,” Mr. Obama said of Sony’s leadership. “I would have told them, ‘Do not get into a pattern in which you’re intimidated by these kinds of criminal attacks.’ ”

In a clear reference to Mr. Kim, he said, “We cannot have a society in which some dictator someplace can start imposing censorship here in the United States.” That would encourage others to do the same “when they see a documentary that they don’t like or news reports that they don’t like.”

The chief executive of Sony Pictures, Michael Lynton, immediately defended his decision and said Mr. Obama misunderstood the facts. He argued that when roughly 80 percent of the country’s theaters refused to book the film after the latest threat, “we had no alternative but to not proceed with the theatrical release,” Mr. Lynton told CNN. “We have not caved, we have not given in, we have not backed down.”

In a follow-up statement, Sony said that it “immediately began actively surveying alternatives” to theatrical distribution after theater owners balked. But so far no mainstream cable, satellite or online film distributor was willing to adopt the movie.

Image

The headquarters of Sony Pictures in Culver City, Calif. The F.B.I. said that some of the methods employed in the Sony cyberattack were similar to ones that were used by the North Koreans against South Korean banks.CreditChristopher Polk/Getty Images

Mr. Obama did not pass up the opportunity to take a jab at the insecure North Korean government for worrying about a Hollywood comedy, even a crude one.

“I think it says something about North Korea that they decided to have the state mount an all-out assault on a movie studio because of a satirical movie,” he said, smiling briefly at the ridiculousness of an international confrontation set off by a Hollywood comedy.

The case against North Korea was described by the F.B.I. in somewhat generic terms. It said there were significant “similarities in specific lines of code, encryption algorithms, data deletion methods and compromised networks” to previous attacks conducted by the North Koreans.

“The F.B.I. also observed significant overlap between the infrastructure used in this attack and other malicious cyberactivity the U.S. government has previously linked directly to North Korea,” the bureau said. “For example, the F.B.I. discovered that several Internet protocol addresses associated with known North Korean infrastructure communicated with I.P. addresses that were hard-coded into the data deletion malware used in this attack.” An Internet protocol address is the closest thing to an identifier of where an attack emanated.

Some of the methods employed in the Sony attack were similar to ones that were used by the North Koreans against South Korean banks and news media outlets in 2013. That was a destructive attack, as was an attack several years ago against Saudi Aramco, later attributed to Iran. While there were common cybertools to the Saudi attack as well, Mr. Obama told reporters on Friday he had seen no evidence that any other nation was involved.

The F.B.I.’s announcement was carefully coordinated with the White House and reflected the intensity of the investigation; just a week ago, a senior F.B.I. official said he could not say whether North Korea was responsible. Administration officials noted that the White House had now described the action against Sony as an “attack,” as opposed to mere theft of intellectual property, and that suggested that Mr. Obama was now looking for a government response, rather than a corporate one.

The F.B.I.’s statements “are based on intelligence sources and other conclusive evidence,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. “Now the U.S. has to figure out the best way to respond and how much risk they want to take. It’s important that whatever they say publicly signals to anyone considering something similar that they will be handled much more roughly.”

While American officials were circumspect about how they had collected evidence, some has likely been developed from “implants” placed by the National Security Agency. North Korea has proved to be a particularly hard target because it has relatively low Internet connectivity to the rest of the world, and its best computer minds do not move out of the country often, where their machines and USB drives could be accessible targets.

Private security researchers who specialize in tracing attacks said that the government’s conclusions matched their own findings. George Kurtz, a founder of CrowdStrike, a California-based security firm, said that his company had been studying public samples of the Sony malware and had linked them to hackers inside North Korea — the firm internally refers to them as Silent Chollima — who have been conducting attacks since 2006.

In 2009, a similar campaign of coordinated cyberattacks over the Fourth of July holiday hit 27 American and South Korean websites, including those of South Korea’s presidential palace, called the Blue House, and its Defense Ministry, and sites belonging to the United States Treasury Department, the Secret Service and the Federal Trade Commission. North Korea was suspected, but a clear link was never established.

But those were all “distributed denial of service” attacks, in which attackers flood the sites with traffic until they fall offline. The Sony attack was far more sophisticated: It wiped data off Sony’s computer systems, rendering them inoperable.

“The cyberattack against Sony Pictures Entertainment was not just an attack against a company and its employees,” Jeh C. Johnson, the secretary of the Department of Homeland Security, said in a statement. “It was also an attack on our freedom of expression and way of life.”

David E. Sanger and Michael Schmidt reported from Washington, and Nicole Perlroth from San Francisco. Michael Cieply and Brooks Barnes contributed reporting from Los Angeles.

A version of this article appears in print on , on Page A1 of the New York edition with the headline: Obama Vows a Response to Cyberattack on Sony. Order Reprints | Today’s Paper | Subscribe